Target's CEO Gregg Steinhafel apologized through a statement issued on Friday. The retailer also said it's working hard to resolve the problem and is adding more workers to field calls and help solve website issues. And the discounter began offering 10 percent off for customers who shop in its stores on Saturday and Sunday and free credit-monitoring services to those who've been affected by the issue.

The Minneapolis-based discounter said that while it's only heard of "very few" reports of fraud, it's reaching out to customers who made purchases by swiping their cards when the scam occurred. The company also said it's continuing its investigation into the matter.

"We take this crime seriously," Steinhafel said in the statement.

Target's statements come after the nation's second-largest retailer acknowledged Thursday that data connected to about 40 million credit and debit card accounts was stolen as part of a breach that began over the Thanksgiving weekend.

The theft is the second-largest credit card breach in U.S. history, exceeded only by a scam that began in 2005 involving retailer TJX Cos. That incident affected at least 45.7 million card users.

Target disclosed the theft a day after reports that the company was investigating a breach. The retailer's data-security troubles and its ensuing public relations nightmare threaten to drive off holiday shoppers during the company's busiest time of year.

On Friday, Target reiterated that the stolen data included customer names, credit and debit card numbers, card expiration dates and the embedded code on the magnetic strip found on the backs of cards, Target said.

There was no indication the three- or four-digit security numbers visible on the back of the card were affected, Target said. It also said Friday there was no indication that the stolen data included a customer's birth date or social security number. The data breach did not affect online purchases, the company said.

Target also said it didn't believe that PIN numbers to customers' debit cards have been compromised. So that means someone cannot visit an ATM with a fraudulent card and withdraw cash, it said.

Target hasn't disclosed exactly how the breach occurred but said it has fixed the problem.